l browsers: use firefox directly, RIP xjails
parent
92cfeace54
commit
0ea0723933
@ -48,11 +48,6 @@
|
||||
};
|
||||
hardware.pulseaudio.package = pkgs.pulseaudioFull;
|
||||
|
||||
lass.browser.config = {
|
||||
fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
|
||||
qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; };
|
||||
};
|
||||
|
||||
nix.trustedUsers = [ "root" "lass" ];
|
||||
|
||||
# nix.extraOptions = ''
|
||||
|
@ -54,12 +54,6 @@
|
||||
};
|
||||
hardware.pulseaudio.package = pkgs.pulseaudioFull;
|
||||
|
||||
lass.browser.config = {
|
||||
dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
|
||||
ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; };
|
||||
fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
|
||||
};
|
||||
|
||||
nix.trustedUsers = [ "root" "lass" ];
|
||||
|
||||
services.tor = {
|
||||
|
@ -1,12 +1,8 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
lass.browser.config = {
|
||||
cr = { groups = [ "audio" "video" ]; precedence = 9; };
|
||||
};
|
||||
programs.chromium = {
|
||||
enable = true;
|
||||
extensions = [
|
||||
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||
];
|
||||
};
|
||||
programs.firefox.nativeMessagingHosts.tridactyl = true;
|
||||
environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox";
|
||||
environment.systemPackages = [
|
||||
pkgs.firefox
|
||||
];
|
||||
}
|
||||
|
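Review bot: With the per-browser xjail users removed, the added `programs.firefox.nativeMessagingHosts.tridactyl = true;` and `pkgs.firefox` lines appear to run Firefox under the login account instead of a dedicated uid, along with a native messaging host that can execute commands on behalf of the extension. Other files in this commit list `lass` in `nix.trustedUsers`, so a browser or extension compromise would land in an account the Nix daemon trusts. If the isolation is being dropped on purpose, record that next to the option, e.g. `# tridactyl native host runs commands as the login user; no uid separation since xjail was removed`, and reconsider whether the native host is still wanted. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts.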
@ -1,12 +1,13 @@
|
||||
{ config, pkgs, lib, ... }: with import <stockholm/lib>; let
|
||||
|
||||
xdg-open-wrapper = pkgs.writeDashBin "xdg-open" ''
|
||||
/run/wrappers/bin/sudo -u lass ${xdg-open} "$@"
|
||||
exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1
|
||||
'';
|
||||
|
||||
xdg-open = pkgs.writeBash "xdg-open" ''
|
||||
set -e
|
||||
xdg-open = pkgs.writeBashBin "xdg-open" ''
|
||||
set -xe
|
||||
FILE="$1"
|
||||
PATH=/run/current-system/sw/bin
|
||||
mime=
|
||||
|
||||
case "$FILE" in
|
||||
@ -35,15 +36,13 @@
|
||||
|
||||
case "$mime" in
|
||||
special/mailaddress)
|
||||
urxvtc --execute vim "$FILE" ;;
|
||||
${optionalString (hasAttr "browser" config.lass) ''
|
||||
alacritty --execute vim "$FILE" ;;
|
||||
text/html)
|
||||
${config.lass.browser.select}/bin/browser-select "$FILE" ;;
|
||||
firefox "$FILE" ;;
|
||||
text/xml)
|
||||
${config.lass.browser.select}/bin/browser-select "$FILE" ;;
|
||||
''}
|
||||
firefox "$FILE" ;;
|
||||
text/*)
|
||||
urxvtc --execute vim "$FILE" ;;
|
||||
alacritty --execute vim "$FILE" ;;
|
||||
image/*)
|
||||
sxiv "$FILE" ;;
|
||||
application/x-bittorrent)
|
||||
@ -51,17 +50,18 @@
|
||||
application/pdf)
|
||||
zathura "$FILE" ;;
|
||||
inode/directory)
|
||||
sudo -u lass -i urxvtc --execute mc "$FILE" ;;
|
||||
alacritty --execute mc "$FILE" ;;
|
||||
*)
|
||||
# open dmenu and ask for program to open with
|
||||
$(dmenu_path | dmenu) "$FILE";;
|
||||
runner=$(print -rC1 -- ''${(ko)commands} | dmenu)
|
||||
exec $runner "$FILE";;
|
||||
esac
|
||||
'';
|
||||
in {
|
||||
environment.systemPackages = [ xdg-open-wrapper ];
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
cr ALL=(lass) NOPASSWD: ${xdg-open} *
|
||||
ff ALL=(lass) NOPASSWD: ${xdg-open} *
|
||||
cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
|
||||
ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open *
|
||||
'';
|
||||
}
|
||||
|
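Review bot: The wrapper line `exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1`, together with `set -xe` in the handler, appends a trace of every opened path or URL to a fixed file name in a world-writable directory, where other local accounts can read it or create it first. Drop the redirect and the `-x` once debugging is done, or log to a per-user location such as `>> "$XDG_RUNTIME_DIR/xdg-open.log" 2>&1`. In the last hunk the `cr` and `ff` rules in `security.sudo.extraConfig` are kept with a trailing `*`, although this commit deletes the module that created those users; if nothing else defines them, the block can be removed. The fallback branch's `print -rC1 -- ''${(ko)commands}` is zsh syntax inside a `writeBashBin` script and will likely fail under bash, so `*)` would never reach dmenu. Which lines are new is inferred from the hunk counts, because the +/- markers are lost on this page.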
@ -1,94 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
|
||||
cfg = config.lass.browser;
|
||||
|
||||
browserScripts = {
|
||||
brave = "${pkgs.brave}/bin/brave";
|
||||
chrome = "${pkgs.google-chrome}/bin/chrome";
|
||||
chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
|
||||
firefox = "${pkgs.firefox.override {
|
||||
extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
|
||||
}}/bin/firefox";
|
||||
qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser";
|
||||
};
|
||||
|
||||
browser-select = let
|
||||
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
|
||||
(filter (x: ! x.value.hidden)
|
||||
(mapAttrsToList (name: value: { inherit name value; })
|
||||
cfg.config));
|
||||
in if (lib.length sortedPaths) > 1 then
|
||||
pkgs.writeScriptBin "browser-select" ''
|
||||
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
|
||||
case $BROWSER in
|
||||
${concatMapStringsSep "\n" (n: ''
|
||||
${n.name})
|
||||
export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name}
|
||||
;;
|
||||
'') (sortedPaths)}
|
||||
esac
|
||||
$BIN "$@"
|
||||
''
|
||||
else
|
||||
let
|
||||
name = (lib.head sortedPaths).name;
|
||||
in pkgs.writeScriptBin "browser-select" ''
|
||||
${config.lass.xjail-bins.${name}}/bin/${name} "$@"
|
||||
''
|
||||
;
|
||||
|
||||
in {
|
||||
options.lass.browser = {
|
||||
select = mkOption {
|
||||
type = types.path;
|
||||
};
|
||||
config = mkOption {
|
||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
hidden = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
precedence = mkOption {
|
||||
type = types.int;
|
||||
default = 0;
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
browser = mkOption {
|
||||
type = types.enum (attrNames browserScripts);
|
||||
default = "brave";
|
||||
};
|
||||
groups = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
|
||||
config = (mkIf (cfg.config != {}) {
|
||||
lass.xjail = mapAttrs' (name: browser:
|
||||
nameValuePair name {
|
||||
script = browserScripts.${browser.browser};
|
||||
groups = browser.groups;
|
||||
}
|
||||
) cfg.config;
|
||||
environment.systemPackages = (map (browser:
|
||||
config.lass.xjail-bins.${browser.name}
|
||||
) (attrValues cfg.config)) ++ [
|
||||
browser-select
|
||||
];
|
||||
lass.browser.select = browser-select;
|
||||
});
|
||||
}
|
@ -12,8 +12,6 @@ _:
|
||||
./pyload.nix
|
||||
./screenlock.nix
|
||||
./usershadow.nix
|
||||
./xjail.nix
|
||||
./autowifi.nix
|
||||
./browsers.nix
|
||||
];
|
||||
}
|
||||
|
@ -1,173 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
options.lass.xjail = mkOption {
|
||||
type = types.attrsOf (types.submodule ({ config, ...}: {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = config.name;
|
||||
};
|
||||
groups = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
};
|
||||
from = mkOption {
|
||||
type = types.str;
|
||||
default = "lass";
|
||||
};
|
||||
display = mkOption {
|
||||
type = types.str;
|
||||
default = toString (genid_uint31 config._module.args.name);
|
||||
};
|
||||
dpi = mkOption {
|
||||
type = types.int;
|
||||
default = 90;
|
||||
};
|
||||
extraXephyrArgs = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
extraVglrunArgs = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
script = mkOption {
|
||||
type = types.path;
|
||||
default = pkgs.writeScript "echo_lol" "echo lol";
|
||||
};
|
||||
wm = mkOption {
|
||||
#TODO find type
|
||||
type = types.str;
|
||||
defaultText = "‹script›";
|
||||
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
|
||||
executables.xmonad = {
|
||||
extra-depends = [
|
||||
"containers"
|
||||
"unix"
|
||||
"xmonad"
|
||||
];
|
||||
text = /* haskell */ ''
|
||||
module Main where
|
||||
import XMonad
|
||||
import Data.Monoid
|
||||
import System.Posix.Process (executeFile)
|
||||
import qualified Data.Map as Map
|
||||
|
||||
main :: IO ()
|
||||
main = do
|
||||
xmonad def
|
||||
{ workspaces = [ "1" ]
|
||||
, layoutHook = myLayoutHook
|
||||
, keys = myKeys
|
||||
, normalBorderColor = "#000000"
|
||||
, focusedBorderColor = "#000000"
|
||||
, handleEventHook = myEventHook
|
||||
}
|
||||
|
||||
myEventHook :: Event -> X All
|
||||
|
||||
myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
|
||||
spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
|
||||
return (All True)
|
||||
|
||||
myEventHook _ = do
|
||||
return (All True)
|
||||
|
||||
myLayoutHook = Full
|
||||
myKeys _ = Map.fromList []
|
||||
'';
|
||||
};
|
||||
}}/bin/xmonad";
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
|
||||
options.lass.xjail-bins = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
};
|
||||
|
||||
# implementation
|
||||
config = let
|
||||
scripts = mapAttrs' (name: cfg:
|
||||
let
|
||||
newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
|
||||
DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
|
||||
if test $? -eq 0; then
|
||||
echo using existing xephyr
|
||||
${sudo_} "$@"
|
||||
else
|
||||
echo starting new xephyr
|
||||
${xephyr_} "$@"
|
||||
fi
|
||||
'';
|
||||
xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
|
||||
${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
|
||||
XEPHYR_PID=$!
|
||||
DISPLAY=:${cfg.display} ${cfg.wm} &
|
||||
WM_PID=$!
|
||||
${sudo_} "$@"
|
||||
${pkgs.coreutils}/bin/kill $WM_PID
|
||||
${pkgs.coreutils}/bin/kill $XEPHYR_PID
|
||||
'';
|
||||
# TODO fix xephyr which doesn't honor resizes anymore
|
||||
sudo_ = pkgs.writeDash "${cfg.name}-sudo" ''
|
||||
#/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
|
||||
${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@"
|
||||
'';
|
||||
in nameValuePair name {
|
||||
existing = newOrExisting;
|
||||
xephyr = xephyr_;
|
||||
sudo = sudo_;
|
||||
}
|
||||
) config.lass.xjail;
|
||||
in {
|
||||
|
||||
users.users = mapAttrs' (_: cfg:
|
||||
nameValuePair cfg.name {
|
||||
uid = genid_uint31 cfg.name;
|
||||
home = "/home/${cfg.name}";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
extraGroups = cfg.groups;
|
||||
isNormalUser = true;
|
||||
}
|
||||
) config.lass.xjail;
|
||||
|
||||
users.groups = mapAttrs' (_: cfg:
|
||||
nameValuePair cfg.name {
|
||||
members = [
|
||||
cfg.name
|
||||
cfg.from
|
||||
];
|
||||
}
|
||||
) config.lass.xjail;
|
||||
|
||||
security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: ''
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (
|
||||
subject.user == "${cfg.from}" &&
|
||||
action.id == "org.freedesktop.machine1.host-shell" &&
|
||||
action.lookup("user") == "${cfg.user}" &&
|
||||
action.lookup("program") == "${cfg.script}" &&
|
||||
true
|
||||
) {
|
||||
return polkit.Result.YES;
|
||||
}
|
||||
});
|
||||
'') config.lass.xjail));
|
||||
|
||||
lass.xjail-bins = mapAttrs' (name: cfg:
|
||||
nameValuePair name (pkgs.writeScriptBin cfg.name ''
|
||||
${scripts.${name}.sudo} "$@"
|
||||
'')
|
||||
) config.lass.xjail;
|
||||
};
|
||||
}
|